Slackware 14.2: 2016-308-01 Critical: Curl Security Issues
slackware
November 4, 2016
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues
Summary
Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.51.0-i586-1_slack14.2.txz: Upgraded. This release fixes security issues: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curl_maprintf CVE-2016-8619: double-free in krb5 code CVE-2016-8620: glob parser write/read out of bounds CVE-2016-8621: curl_getdate read out of bounds CVE-2016-8622: URL unescape heap overflow via integer truncation CVE-2016-8623: Use-after-free via shared cookies CVE-2016-8624: invalid URL parsing with '#' CVE-2016-8625: IDNA 2003 makes curl use wrong host For more information, see: https://curl.se/docs/CVE-2016-8615.html https://www.cve.org/CVERecord?id=CVE-2016-8615 https://curl.se/docs/CVE-2016-8616.html https://www.cve.org/CVERecord?id=CVE-2016-8616 https://curl.se/docs/CVE-2016-8617.html
Read the Full Advisory
Where Find New Packages
Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:
MD5 Signatures
Slackware 13.0 package:
af2372bf676474745a0dc09a3f63022c curl-7.51.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
2895acf3b040c98bc36136a42d4337da curl-7.51.0-x86_64-1_slack13.0.txz
Slackware 13.1 package:
ff8531dcb458e6e004ffc0d1834f79ff curl-7.51.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
209d8f20153c0f71f7de42e79f61b754 curl-7.51.0-x86_64-1_slack13.1.txz
Slackware 13.37 package:
23ae80080d7dd434e2b34857ca5b9ded curl-7.51.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
b43c2714e7128f7d37b375ff2095500f curl-7.51.0-x86_64-1_slack13.37.txz
Slackware 14.0 package:
82bc3fafa0363354ea84cd1b6cf13953 curl-7.51.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
b23076850711c42e0cd411791f0b84a6 curl-7.51.0-x86_64-1_slack14.0.txz
Slackware 14.1 package:
2667ed9a40a2fd4cfbc0c9ef48838952 curl-7.51.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
fa92dc36cf68a6e7ec4a1313f9b852ad curl-7.51.0-x86_64-1_slack14.1.txz
Slackware 14.2 package:
464cf649cecc4003917a21269a7ce1af curl-7.51.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
269d377e735a243d4b806d81b874ed1a curl-7.51.0-x86_64-1_slack14.2.txz
Slackware -current package:
3e86800cdae36cda905cd35e3738c8d6 n/curl-7.51.0-i586-1.txz
Slackware x86_64 -current package:
abe70641a1b24661e96ddc3537748d4c n/curl-7.51.0-x86_64-1.txz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the package as root: # upgradepkg curl-7.51.0-i586-1_slack14.2.txz
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!